[mythtv] Proposed change to Network Communications
rudy zijlstra
mythtv at grumpydevil.homelinux.org
Sat Mar 11 10:17:10 UTC 2017
On 10-03-17 00:29, Mark Perkins wrote:
> On 10 March 2017 8:34:43 AM rudy zijlstra
> <mythtv at grumpydevil.homelinux.org> wrote:
>
>>
>> On 08-03-17 19:30, Karl Dietz wrote:
>>> On 08.03.2017 13:36, Brian J. Murrell wrote:
>>>> security implications of transitioning from "NAT security" (for
>>> this is the point. "transition from some security to no security"
>>>
>>> There is a perimeter device that currently implement IPv4 perimeter
>>> security with a method that goes by the name "IPv4 NAT Firewall" or
>>> similar. (lets not get into details)
>>> When the provider of this perimeter device now implements IPv6 its up
>>> to them to also implement some IPv6 perimeter security. Maybe with a
>>> "real firewall" or whatever.
>> All operator provided gateways i am aware of that implement IPv6 also
>> implement an IPv6 firewall. The default setting is to block all traffic
>> inbound into the home network that is not requested. In other words,
>> the default is that, in firewall terms, only RELATED traffic is allows
>> in from the internet.
>>
>> Cheers
>>
>> Rudy
> I apologise in advance if I am heading off topic but wouldnt a firewall
> like that block me from SSH 'ing into my servers or block any home Web
> servers from operating? Maybe the firewall will be end user configurable or
> opt in / out.
>
>
User configurable is your answer. You would open ports to allow for
that. Default is very much closed, for security purposes. And most home
users do not run services.
Personally i have configured VPN access for remote access.
More information about the mythtv-dev
mailing list